- -------------------------------------------------------------------------- Debian Security Advisory DSA 252-1 security@debian.org http://www.debian.org/security/ Martin Schulze February 21st, 2003 Debian -- Debian security FAQ - -------------------------------------------------------------------------- Package : slocate Vulnerability : buffer overflow Problem-Type : local Debian-specific: no CVE Id : CAN-2003-0056 A problem has been discovered in slocate, a secure locate replacement. A buffer overflow in the setuid program slocate can be used to execute arbitrary code as superuser. For the stable distribution (woody) this problem has been fixed in version 2.6-1.3.1. The old stable distribution (potato) is not affected by this problem. For the unstable distribution (sid) this problem has been fixed in version 2.7-1. We recommend that you upgrade your slocate package immediately. Upgrade Instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.0 alias woody - -------------------------------- Source archives: Size/MD5 checksum: 550 9ade1dcc6d5185c9acddd8b487d5d28b Size/MD5 checksum: 7058 a7ac6632dc02e1e26ad9f5cb462cced7 Size/MD5 checksum: 69213 08b1902323d686130a6daaca1fac61fc Alpha architecture: Size/MD5 checksum: 28100 44eccd6ca90b61996b50eb396456f798 ARM architecture: Size/MD5 checksum: 25290 52d54dacf94f35519fbfb8d5a2ebd8a9 Intel IA-32 architecture: Size/MD5 checksum: 24788 9c9121191ee8ce7321bda76b3bb0c8fa Intel IA-64 architecture: Size/MD5 checksum: 31100 039ee8d8218e953d51a3514d9318f2d6 HP Precision architecture: Size/MD5 checksum: 26822 0ad73800a4c0c19518cad0aa3768f1c6 Motorola 680x0 architecture: Size/MD5 checksum: 24338 2eb37c351a989dd14d9ad84fe6f3176b Big endian MIPS architecture: Size/MD5 checksum: 25656 85426c291c393fec878012afdcf85aaf Little endian MIPS architecture: Size/MD5 checksum: 25592 fabe9486658781a7584a583e07370442 PowerPC architecture: Size/MD5 checksum: 25658 08a2aa276b88ed5335c2e0ff8650c696 IBM S/390 architecture: Size/MD5 checksum: 25710 956dbf8e147bd1f31ffa3fa43c3e31d4 Sun Sparc architecture: Size/MD5 checksum: 27604 10aa9aff27a87f88d78b57b33ae5b2d5 These files will probably be moved into the stable distribution on its next revision. - --------------------------------------------------------------------------------- For apt-get: deb Debian -- Security Information stable/updates main For dpkg-ftp: dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show' and http://packages.debian.org/
Debian: slocate arbitrary code execution vulnerability
February 21, 2003
A buffer overflow in the setuid program slocate can be used to execute arbitrary code as superuser.
Summary
A problem has been discovered in slocate, a secure locate replacement.
A buffer overflow in the setuid program slocate can be used to execute
arbitrary code as superuser.
For the stable distribution (woody) this problem has been
fixed in version 2.6-1.3.1.
The old stable distribution (potato) is not affected by this problem.
For the unstable distribution (sid) this problem has been fixed in
version 2.7-1.
We recommend that you upgrade your slocate package immediately.
Upgrade Instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.0 alias woody
Source archives:
Size/MD5 checksum: 550 9ade1dcc6d5185c9acddd8b487d5d28b
Size/MD5 checksum: 7058 a7ac6632dc02e1e26ad9f5cb462cced7
Size/MD5 checksum: 69213 08b1902323d686130a6daaca1fac61fc
Alpha architecture:
Size/MD5 checksum: 28100 44eccd6ca90b61996b50eb396456f798
ARM architecture:
Size/MD5 checksum: 25290 52d54dacf94f35519fbfb8d5a2ebd8a9
Intel IA-32 architecture:
Size/MD5 checksum: 24788 9c9121191ee8ce7321bda76b3bb0c8fa
Intel IA-64 architecture:
Size/MD5 checksum: 31100 039ee8d8218e953d51a3514d9318f2d6
HP Precision architecture:
Size/MD5 checksum: 26822 0ad73800a4c0c19518cad0aa3768f1c6
Motorola 680x0 architecture:
Size/MD5 checksum: 24338 2eb37c351a989dd14d9ad84fe6f3176b
Big endian MIPS architecture:
Size/MD5 checksum: 25656 85426c291c393fec878012afdcf85aaf
Little endian MIPS architecture:
Size/MD5 checksum: 25592 fabe9486658781a7584a583e07370442
PowerPC architecture:
Size/MD5 checksum: 25658 08a2aa276b88ed5335c2e0ff8650c696
IBM S/390 architecture:
Size/MD5 checksum: 25710 956dbf8e147bd1f31ffa3fa43c3e31d4
Sun Sparc architecture:
Size/MD5 checksum: 27604 10aa9aff27a87f88d78b57b33ae5b2d5
These files will probably be moved into the stable distribution on
its next revision.
For apt-get: deb Debian -- Security Information stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show
Severity
Package : slocate
Vulnerability : buffer overflow
Problem-Type : local
Debian-specific: no
CVE Id : CAN-2003-0056
News
HOWTOs
Features
About Us
Powered By
